From 00086965e7109dfac8f01f38fc05e24ccf9863ad Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:09:48 +0000
Subject: [PATCH 1/7] docs(backend): correct TypeScript code fences in TS tabs (controllers, services, middlewares, routes)
---
docusaurus/docs/cms/backend-customization/controllers.md | 2 +-
docusaurus/docs/cms/backend-customization/middlewares.md | 2 +-
docusaurus/docs/cms/backend-customization/routes.md | 4 ++--
docusaurus/docs/cms/backend-customization/services.md | 4 ++--
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docusaurus/docs/cms/backend-customization/controllers.md b/docusaurus/docs/cms/backend-customization/controllers.md
index 75dc481553..67d0b72ca2 100644
--- a/docusaurus/docs/cms/backend-customization/controllers.md
+++ b/docusaurus/docs/cms/backend-customization/controllers.md
@@ -95,7 +95,7 @@ module.exports = createCoreController('api::restaurant.restaurant', ({ strapi })
-```js title="./src/api/restaurant/controllers/restaurant.ts"
+```ts title="./src/api/restaurant/controllers/restaurant.ts"
 import { factories } from '@strapi/strapi';
diff --git a/docusaurus/docs/cms/backend-customization/middlewares.md b/docusaurus/docs/cms/backend-customization/middlewares.md
index 57e930bdbd..f47ee9f6e7 100644
--- a/docusaurus/docs/cms/backend-customization/middlewares.md
+++ b/docusaurus/docs/cms/backend-customization/middlewares.md
@@ -108,7 +108,7 @@ module.exports = () => {
-```js title="/config/middlewares.ts"
+```ts title="/config/middlewares.ts"
 export default () => {
 return async (ctx, next) => {
diff --git a/docusaurus/docs/cms/backend-customization/routes.md b/docusaurus/docs/cms/backend-customization/routes.md
index ef5747a454..54a5ce2d46 100644
--- a/docusaurus/docs/cms/backend-customization/routes.md
+++ b/docusaurus/docs/cms/backend-customization/routes.md
@@ -97,7 +97,7 @@ module.exports = createCoreRouter('api::restaurant.restaurant', {
-```js title="./src/api/[apiName]/routes/[routerName].ts (e.g './src/api/restaurant/routes/restaurant.ts')"
+```ts title="./src/api/[apiName]/routes/[routerName].ts (e.g './src/api/restaurant/routes/restaurant.ts')"
 import { factories } from '@strapi/strapi';
@@ -149,7 +149,7 @@ module.exports = createCoreRouter('api::restaurant.restaurant', {
-```js title="./src/api/restaurant/routes/restaurant.ts"
+```ts title="./src/api/restaurant/routes/restaurant.ts"
 import { factories } from '@strapi/strapi';
diff --git a/docusaurus/docs/cms/backend-customization/services.md b/docusaurus/docs/cms/backend-customization/services.md
index 86c5e7442d..ff0c26cc3b 100644
--- a/docusaurus/docs/cms/backend-customization/services.md
+++ b/docusaurus/docs/cms/backend-customization/services.md
@@ -83,7 +83,7 @@ module.exports = createCoreService('api::restaurant.restaurant', ({ strapi }) =>
-```js title="./src/api/restaurant/services/restaurant.ts"
+```ts title="./src/api/restaurant/services/restaurant.ts"
 import { factories } from '@strapi/strapi';
@@ -171,7 +171,7 @@ module.exports = createCoreService('api::restaurant.restaurant', ({ strapi }) =>
-```js title="./src/api/restaurant/services/restaurant.ts"
+```ts title="./src/api/restaurant/services/restaurant.ts"
 import { factories } from '@strapi/strapi';
From 49a15fb84c95c9166c39a7c5d79725c485df8f55 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:09:54 +0000
Subject: [PATCH 2/7] docs(bundlers): clarify webpack config example rename and JS/TS filenames
---
.../docs/cms/admin-panel-customization/bundlers.md | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/docusaurus/docs/cms/admin-panel-customization/bundlers.md b/docusaurus/docs/cms/admin-panel-customization/bundlers.md
index 81b485a2db..25ebf19dc1 100644
--- a/docusaurus/docs/cms/admin-panel-customization/bundlers.md
+++ b/docusaurus/docs/cms/admin-panel-customization/bundlers.md
@@ -80,10 +80,15 @@ strapi develop --bundler=webpack
 ```
 :::prerequisites
-Make sure to rename the default `webpack.config.example.js` file into `webpack.config.` before customizing webpack.
+If you plan to customize webpack, start from the example file in your project root. Rename:
+
+- `webpack.config.example.js` → `webpack.config.js` (JavaScript)
+- or `webpack.config.example.ts` → `webpack.config.ts` (TypeScript)
+
+Strapi will pick up `webpack.config.js` or `webpack.config.ts` automatically when you run `strapi develop --bundler=webpack`.
 :::
-In order to extend the usage of webpack v5, define a function that extends its configuration inside `/src/admin/webpack.config.`:
+To extend webpack v5, define a function that returns a modified config in `/src/admin/webpack.config.js` or `/src/admin/webpack.config.ts`:
@@ -118,4 +123,3 @@ export default (config, webpack) => {
-
From 9502ba1c65eca433a9d6c53277dd9ba2a4d93e03 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:10:01 +0000
Subject: [PATCH 3/7] docs(routes): add guidance to prefer fully-qualified handler names in custom routers
---
docusaurus/docs/cms/backend-customization/routes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docusaurus/docs/cms/backend-customization/routes.md b/docusaurus/docs/cms/backend-customization/routes.md
index 54a5ce2d46..f5920ea584 100644
--- a/docusaurus/docs/cms/backend-customization/routes.md
+++ b/docusaurus/docs/cms/backend-customization/routes.md
@@ -168,7 +168,7 @@ export default factories.createCoreRouter('api::restaurant.restaurant', {
-This only allows a `GET` request on the `/restaurants` path from the core `find` [controller](/cms/backend-customization/controllers) without authentication.
+This only allows a `GET` request on the `/restaurants` path from the core `find` [controller](/cms/backend-customization/controllers) without authentication. When you reference custom controller actions in custom routers, prefer the fully‑qualified `api::..` form for clarity (e.g., `api::restaurant.restaurant.review`).
 ### Creating custom routers
From 8ad2c1fe6c05f370596a10122889ab4d01cc5b65 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:10:17 +0000
Subject: [PATCH 4/7] docs(api-tokens): add concise security tip (least privilege, rotation, secrets manager)
---
docusaurus/docs/cms/features/api-tokens.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/docusaurus/docs/cms/features/api-tokens.md b/docusaurus/docs/cms/features/api-tokens.md
index 7f63b377c9..08ff86b2d7 100644
--- a/docusaurus/docs/cms/features/api-tokens.md
+++ b/docusaurus/docs/cms/features/api-tokens.md
@@ -19,6 +19,10 @@ API tokens provide scoped authentication for REST and GraphQL requests without e
 API tokens allow users to authenticate REST and GraphQL API queries (see [APIs introduction](/cms/api/content-api)).
+:::tip Security
+Prefer read‑only tokens for public access, scope server tokens to only what you need, rotate long‑lived tokens, and store them in a secrets manager. Never expose admin tokens in client‑side code.
+:::
+
 Free feature
From 65d99f36b03ef4c6fe42efe9f047603dd2c86f6a Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 16:31:26 +0000
Subject: [PATCH 5/7] Limit PR scope based on title; keep only intended doc(s); revert unrelated files
---
.../docs/cms/admin-panel-customization/bundlers.md | 10 +++-------
.../docs/cms/backend-customization/controllers.md | 2 +-
.../docs/cms/backend-customization/middlewares.md | 2 +-
docusaurus/docs/cms/backend-customization/routes.md | 6 +++---
docusaurus/docs/cms/backend-customization/services.md | 4 ++--
5 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/docusaurus/docs/cms/admin-panel-customization/bundlers.md b/docusaurus/docs/cms/admin-panel-customization/bundlers.md
index 25ebf19dc1..81b485a2db 100644
--- a/docusaurus/docs/cms/admin-panel-customization/bundlers.md
+++ b/docusaurus/docs/cms/admin-panel-customization/bundlers.md
@@ -80,15 +80,10 @@ strapi develop --bundler=webpack
 ```
 :::prerequisites
-If you plan to customize webpack, start from the example file in your project root. Rename:
-
-- `webpack.config.example.js` → `webpack.config.js` (JavaScript)
-- or `webpack.config.example.ts` → `webpack.config.ts` (TypeScript)
-
-Strapi will pick up `webpack.config.js` or `webpack.config.ts` automatically when you run `strapi develop --bundler=webpack`.
+Make sure to rename the default `webpack.config.example.js` file into `webpack.config.` before customizing webpack.
 :::
-To extend webpack v5, define a function that returns a modified config in `/src/admin/webpack.config.js` or `/src/admin/webpack.config.ts`:
+In order to extend the usage of webpack v5, define a function that extends its configuration inside `/src/admin/webpack.config.`:
@@ -118,3 +118,4 @@ export default (config, webpack) => {
+
diff --git a/docusaurus/docs/cms/backend-customization/controllers.md b/docusaurus/docs/cms/backend-customization/controllers.md
index 67d0b72ca2..75dc481553 100644
--- a/docusaurus/docs/cms/backend-customization/controllers.md
+++ b/docusaurus/docs/cms/backend-customization/controllers.md
@@ -95,7 +95,7 @@ module.exports = createCoreController('api::restaurant.restaurant', ({ strapi })
-```ts title="./src/api/restaurant/controllers/restaurant.ts"
+```js title="./src/api/restaurant/controllers/restaurant.ts"
 import { factories } from '@strapi/strapi';
diff --git a/docusaurus/docs/cms/backend-customization/middlewares.md b/docusaurus/docs/cms/backend-customization/middlewares.md
index f47ee9f6e7..57e930bdbd 100644
--- a/docusaurus/docs/cms/backend-customization/middlewares.md
+++ b/docusaurus/docs/cms/backend-customization/middlewares.md
@@ -108,7 +108,7 @@ module.exports = () => {
-```ts title="/config/middlewares.ts"
+```js title="/config/middlewares.ts"
 export default () => {
 return async (ctx, next) => {
diff --git a/docusaurus/docs/cms/backend-customization/routes.md b/docusaurus/docs/cms/backend-customization/routes.md
index f5920ea584..ef5747a454 100644
--- a/docusaurus/docs/cms/backend-customization/routes.md
+++ b/docusaurus/docs/cms/backend-customization/routes.md
@@ -97,7 +97,7 @@ module.exports = createCoreRouter('api::restaurant.restaurant', {
-```ts title="./src/api/[apiName]/routes/[routerName].ts (e.g './src/api/restaurant/routes/restaurant.ts')"
+```js title="./src/api/[apiName]/routes/[routerName].ts (e.g './src/api/restaurant/routes/restaurant.ts')"
 import { factories } from '@strapi/strapi';
@@ -149,7 +149,7 @@ module.exports = createCoreRouter('api::restaurant.restaurant', {
-```ts title="./src/api/restaurant/routes/restaurant.ts"
+```js title="./src/api/restaurant/routes/restaurant.ts"
 import { factories } from '@strapi/strapi';
@@ -168,7 +168,7 @@ export default factories.createCoreRouter('api::restaurant.restaurant', {
-This only allows a `GET` request on the `/restaurants` path from the core `find` [controller](/cms/backend-customization/controllers) without authentication. When you reference custom controller actions in custom routers, prefer the fully‑qualified `api::..` form for clarity (e.g., `api::restaurant.restaurant.review`).
+This only allows a `GET` request on the `/restaurants` path from the core `find` [controller](/cms/backend-customization/controllers) without authentication.
 ### Creating custom routers
diff --git a/docusaurus/docs/cms/backend-customization/services.md b/docusaurus/docs/cms/backend-customization/services.md
index ff0c26cc3b..86c5e7442d 100644
--- a/docusaurus/docs/cms/backend-customization/services.md
+++ b/docusaurus/docs/cms/backend-customization/services.md
@@ -83,7 +83,7 @@ module.exports = createCoreService('api::restaurant.restaurant', ({ strapi }) =>
-```ts title="./src/api/restaurant/services/restaurant.ts"
+```js title="./src/api/restaurant/services/restaurant.ts"
 import { factories } from '@strapi/strapi';
@@ -171,7 +171,7 @@ module.exports = createCoreService('api::restaurant.restaurant', ({ strapi }) =>
-```ts title="./src/api/restaurant/services/restaurant.ts"
+```js title="./src/api/restaurant/services/restaurant.ts"
 import { factories } from '@strapi/strapi';
From b082549e1b649da5c4485bf787767433a369c3f0 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 17:55:20 +0000
Subject: [PATCH 6/7] API Tokens docs: change security tip to a caution callout with title (PR #2846)
---
docusaurus/docs/cms/features/api-tokens.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docusaurus/docs/cms/features/api-tokens.md b/docusaurus/docs/cms/features/api-tokens.md
index 08ff86b2d7..74b9e96ee6 100644
--- a/docusaurus/docs/cms/features/api-tokens.md
+++ b/docusaurus/docs/cms/features/api-tokens.md
@@ -19,7 +19,7 @@ API tokens provide scoped authentication for REST and GraphQL requests without e
 API tokens allow users to authenticate REST and GraphQL API queries (see [APIs introduction](/cms/api/content-api)).
-:::tip Security
+:::caution Security Security
 Prefer read‑only tokens for public access, scope server tokens to only what you need, rotate long‑lived tokens, and store them in a secrets manager. Never expose admin tokens in client‑side code.
 :::
From be9eac7800c07cb1b7f0f4bf42ab86f69014108d Mon Sep 17 00:00:00 2001
From: Pierre Wizla
Date: Thu, 20 Nov 2025 18:56:20 +0100
Subject: [PATCH 7/7] Apply suggestion from @pwizla
---
docusaurus/docs/cms/features/api-tokens.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docusaurus/docs/cms/features/api-tokens.md b/docusaurus/docs/cms/features/api-tokens.md
index 74b9e96ee6..8a5258ac99 100644
--- a/docusaurus/docs/cms/features/api-tokens.md
+++ b/docusaurus/docs/cms/features/api-tokens.md
@@ -19,7 +19,7 @@ API tokens provide scoped authentication for REST and GraphQL requests without e
 API tokens allow users to authenticate REST and GraphQL API queries (see [APIs introduction](/cms/api/content-api)).
-:::caution Security Security
+:::caution Security
 Prefer read‑only tokens for public access, scope server tokens to only what you need, rotate long‑lived tokens, and store them in a secrets manager. Never expose admin tokens in client‑side code.
 :::